hi,
i extracted from doc/tuning_guide that its good to have users in mysql but
keep a default entry in users file.
users file:
------------------------------------------------------------
DEFAULT Auth-Type := Accept
Framed-IP-Address := 255.255.255.254,
Framed-Protocol := PPP,
Service-Type := Framed-User,
Reply-Message := default-profile
------------------------------------------------------------
when im doing this every request is handled by the default, whether if the
user exist in mysql or not. every authentication is accepted and all reply
items are taken from the default entry. the rlm_sql module is saying:
rlm_sql (sql): User not found
when im doing the mysql query manually in the same way as the debug output of
radiusd -X is saying it, then the user is found.
furthermore i deleted the default entry in the user file and put it the mysql
as radgroupreply and radgroupcheck items. now a request for a existing user
is correctly handled, if it exists and the password is wrong the request is
rejected, if the user exist and the password is correct the reply items of
the users are used, and if the user doesnt exist the default entry above in
the mysql are used.
i think its better to use default entry in the user file maybe for faster
finding and put all user specifiy entries in mysql like described in
tuning_guide.
could someone say where is the problem with the above setup, why is the user
found, when the default entry is in the mysql but could not found if the
default entry is in the user file? is this generally a good idea what i want
to do or did i missunderstood something? :)
thanks in advance,
christian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
